IBM Rational Performance Tester is affected by a vulnerability in the handling of error inputs in OAEPEncoding. A remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
**CVEID:** CVE-2020-26939
**DESCRIPTION:** Legion of the Bouncy Castle BC and Legion of the Bouncy Castle BC-FJA could allow a remote attacker to obtain sensitive information, caused by observable differences in behavior to error inputs in org.bouncycastle.crypto.encodings.OAEPEncoding. By sending the OAEP decoder invalid ciphertext that decrypts to a short payload, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191108 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
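
The behavior described above can be illustrated with a simplified OAEP decoder. This is an added example, not code from Bouncy Castle or IBM: `decode_leaky` reports a short payload through its own early error, while `decode_uniform` carries every fault through to a single outcome. SHA-256, the function names and the error strings are assumptions, and the RSA operation itself is left out.

```python
# Added illustration, not Bouncy Castle code; SHA-256 and the error strings are assumptions.
import hashlib, hmac
H, HLEN = hashlib.sha256, 32

def mgf1(seed, n):  # MGF1 with SHA-256 (RFC 8017 B.2.1)
    return b"".join(H(seed + i.to_bytes(4, "big")).digest() for i in range(-(-n // HLEN)))[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg, k, seed, label=b""):  # RFC 8017 7.1.1; only builds sample input
    db = H(label).digest() + bytes(k - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, len(db)))
    return b"\x00" + xor(seed, mgf1(masked_db, HLEN)) + masked_db

def unmask(em, label):  # shared step: recover DB and the expected label hash
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    return xor(masked_db, mgf1(seed, len(masked_db))), H(label).digest()

def decode_leaky(data, k, label=b""):  # data: RSA output, leading zero bytes stripped
    if len(data) < 2 * HLEN + 1:
        raise ValueError("data too short")       # early exit with its own message
    db, lhash = unmask(data.rjust(k, b"\x00"), label)
    if db[:HLEN] != lhash:
        raise ValueError("data hash wrong")      # second distinguishable failure
    sep = db.find(b"\x01", HLEN)
    if sep < 0 or any(db[HLEN:sep]):
        raise ValueError("data start wrong")
    return db[sep + 1:]

def decode_uniform(data, k, label=b""):
    bad = len(data) < 2 * HLEN + 1 or len(data) > k  # record the fault, keep going
    em = data[:k].rjust(k, b"\x00")                  # always process a full-size block
    db, lhash = unmask(em, label)
    bad |= em[0] != 0
    bad |= not hmac.compare_digest(db[:HLEN], lhash)
    sep = 0
    for i in range(len(db) - 1, HLEN - 1, -1):       # full scan, no early break
        if db[i]:
            sep = i                                  # ends at the first non-zero byte
    bad |= sep == 0 or db[sep] != 1
    if bad:
        raise ValueError("decryption error")         # one outcome for every failure
    return db[sep + 1:]

def error_of(decoder, data, k):  # returns the error text a caller would observe, or None
    try:
        decoder(data, k)
    except ValueError as exc:
        return str(exc)
```

Python gives no constant-time guarantee, so the block shows uniform control flow and error reporting only, not timing behavior.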
Affected Product(s) | Version(s) |
---|---|
RPT | 9.5 |
RPT | 10.0 |
Upgrading to version 10.1.2 is strongly recommended.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
RPT | 9.5 | None | <https://download4.boulder.ibm.com/sar/CMA/RAA/09ht2/0/PSIRT-28248-9.5.0.0-ifix.zip> |
RPT | 10.0 | None | <https://download4.boulder.ibm.com/sar/CMA/RAA/09ht1/1/PSIRT-28248-10.0.2.1-ifix.zip> |
None
CPE | Name | Operator | Version |
---|---|---|---|
 | ibm rational performance tester | eq | 10.1 |
 | ibm rational performance tester | eq | 10.0 |
 | ibm rational performance tester | eq | 9.5 |